If the study was done with target consent, it might be biased with inflated click-through rates due to the targets expecting benign well-targeted spear-phishing messages.
If it was done without target consent, it would certainly be unethical.
I'm certain that someday I'm going to be dinged on a really shallow kind of work security test because I decided to investigate a link into a sandbox/honeypot environment.
These phish testing companies always stick a header (X-PHISH-TEST or some such) on the email so the email server can white-list -- easy to just Outlook blackhole filter anything with that header after you've seen one test.
What stops an attacker from abusing the same header?
It could be kinda-secure if the header had to have a payload which matched a certain value pre-approved for a time-period. However an insider threat could see the test going on and then launch their own campaign during the validity window.
If it was done without target consent, it would certainly be unethical.